
attempts have occurred. Lockout is a primary defense against brute-force attacks. A brute-force attack attempts to log into a system with a known user account name by repeatedly trying different password combinations. Lockout works great against local physical access attempts and remote or network access attempts. However, lockout does not work against attacks through FTP.

Lockout should be a key part of an organization's security policy. There are three elements to defining the lockout policy:

Failed logon attempts -- the number of times a logon can fail before the account is locked out.

Lockout duration -- the length of time an account is locked out. If this is set to infinite then an administrator or account manager must re-enable the account manually.

Failed logon counter reset interval -- the length of time before the count of failed logons is reset to 0.

In most cases, a lockout duration of 15 minutes is more than sufficient to thwart a brute-force attack while not requiring the intervention of an administrator every time a user fumbles their logon several times. Most organizations allow three to five failed logon attempts before disabling the user account, with a counter reset interval of 15 to 30 minutes.

Lockout by itself is a useful deterrent, but it should always be combined with logon auditing. Without a record of the activity in the Security Event Log, you will have no way of knowing the who, when and where of an account being locked out. If integrated with an intelligent intrusion-detection system (IDS), the audit trail and lockout feature can often pinpoint the cracker or the compromised system automatically.
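As an added example (not code from the article or its author), the three policy elements above, together with the audit trail just described, can be modelled as a small per-account tracker. The user names, source addresses and timestamps used in the comments and tests are constructed; the thresholds are the article's suggested 3 to 5 attempts, 15-minute lockout and 30-minute reset interval.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    max_failed: int = 5          # failed logon attempts allowed before lockout
    lockout_seconds: int = 900   # lockout duration; 0 means locked until an admin re-enables
    reset_seconds: int = 1800    # failed-logon counter reset interval


@dataclass
class AccountState:
    failed: int = 0
    last_failed_at: Optional[float] = None
    locked_until: Optional[float] = None  # float("inf") marks an indefinite lockout


class LockoutTracker:
    """Applies a LockoutPolicy per account and records who/when/where for each event."""

    def __init__(self, policy: LockoutPolicy) -> None:
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}
        self.audit: List[Tuple[float, str, str, str]] = []  # (time, user, source, event)

    def attempt(self, user: str, source: str, password_ok: bool, now: float) -> str:
        st = self.accounts.setdefault(user, AccountState())
        # A locked account rejects every attempt, even a correct password, until expiry.
        if st.locked_until is not None:
            if now < st.locked_until:
                self.audit.append((now, user, source, "rejected_locked"))
                return "locked"
            st.locked_until, st.failed = None, 0
        # Clear the failed counter once the reset interval has elapsed since the last failure.
        if st.last_failed_at is not None and now - st.last_failed_at >= self.policy.reset_seconds:
            st.failed = 0
        if password_ok:
            st.failed, st.last_failed_at = 0, None
            self.audit.append((now, user, source, "success"))
            return "ok"
        st.failed, st.last_failed_at = st.failed + 1, now
        if st.failed >= self.policy.max_failed:
            dur = self.policy.lockout_seconds
            st.locked_until = now + dur if dur > 0 else float("inf")
            self.audit.append((now, user, source, "locked_out"))
            return "locked"
        self.audit.append((now, user, source, "failed"))
        return "failed"

    def admin_unlock(self, user: str, now: float) -> None:
        """Manual re-enable, the only way out of an infinite lockout duration."""
        st = self.accounts.setdefault(user, AccountState())
        st.locked_until, st.failed, st.last_failed_at = None, 0, None
        self.audit.append((now, user, "admin-console", "unlocked"))
```

The audit list stands in for the Security Event Log: each entry carries the account, the source and the time, which is exactly the who, when and where an investigator needs after a lockout.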

About the author: James Michael Stewart is a researcher and writer for Lanwrights, Inc.
